PromptSnatcher: Ad Blocker Extensions Compromise AI Chat Privacy

Two Chrome extensions, 'Smart Adblocker' and 'Adblock for Browser', have been discovered to exfiltrate user prompts and responses from major AI platforms including ChatGPT, Claude, and Gemini. These extensions, masquerading as ad blockers, were installed by approximately 90,000 users. They intercept communications and send data to operator-controlled servers while also checking if users are paid subscribers on five of the eight targeted platforms. The malicious extensions share the same capture engine and payload format. Reports have been filed regarding their abuse on the Chrome Web Store, and a detailed analysis of the indicators of compromise (IOCs) has been released. The situation remains active as users are urged to remove the extensions immediately.

Key Points: • Two malicious Chrome extensions are stealing data from AI chat platforms. • Approximately 90,000 users installed the affected extensions before detection. • Users are advised to remove the extensions to protect their privacy.